Apache Flink flaw is back, and being actively exploited
An improper access control flaw is being actively exploited, CISA is warning......»»
Flaw in Kia’s web portal let researchers track, hack cars
Bug let researchers track millions of cars, unlock doors, and start engines at will. Enlarge (credit: Chesky_w via Getty) When security researchers in the past found ways to hijack vehicles' Internet-connected systems, t.....»»
China, EU agree to end EV tariff disputes with minimum price pledge, ministry says
Technical teams from China and the European Commission are actively negotiating a flexible price commitment to mitigate looming EV tariffs......»»
PlayStation is remastering the wrong games
The State of Play announcement of Horizon Zero Dawn Remastered highlights a major flaw of Sony's remaster strategy and PSVR2 support......»»
America"s Group CEO: More auctions to buy for better reach across U.S.
Auto auction services provider America's Group wants more market share. It's actively acquiring......»»
Lenovo ThinkBook Plus Gen 5 Hybrid review: part Android, part Windows
The Lenovo ThinkBook Plus Gen 5 Hybrid is a fascinating concept combining a Windows laptop with an Android tablet. It has its charms, but one flaw stands out......»»
Apache HugeGraph-Server flaw actively exploited, CISA warns
The vulnerability has been patched months ago, but now federal agencies have a deadline to patch......»»
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access t.....»»
NASA Scientists "Howl in Terror" as They Discovered Disastrous Flaw in $5 Billion Spacecraft About to Launch
NASA Scientists "Howl in Terror" as They Discovered Disastrous Flaw in $5 Billion Spacecraft About to Launch.....»»
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior.....»»
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-2024-40711, a critical vulnerability affecting Ve.....»»
Exploring ternary metal sulfides as electrocatalysts for carbon dioxide reduction reactions
One of the most promising avenues for actively reducing CO2 levels in the atmosphere is recycling it into valuable chemicals via electrocatalytic CO2 reduction reactions. With a suitable electrocatalyst, this can be achieved under mild conditions and.....»»
How bacteria actively use passive physics to make biofilms
When we think about bacteria, we may imagine single cells swimming in solution. However, similarly to humans, bacterial cells often socialize, using surfaces to coalesce into complex heterogeneous communities called biofilms. Within a group, bacteria.....»»
Adobe Acrobat Reader has a serious security flaw — so patch now
A bug allows threat actors to launch malicious code on Acrobat Reader remotely, and it's already being used in the wild......»»
Space travel: Protection from cosmic radiation with boron nitride nanotube fibers
With the success of the Nuri launch last year and the recent launch of the newly established Korea Aerospace Administration, interest in space has increased, and both the public and private sectors are actively investing in space-related industries s.....»»
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect (C.....»»
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus.....»»
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to med.....»»
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged fo.....»»
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an.....»»
Binarly Transparency Platform 2.5 identifies critical vulnerabilities before they can be exploited
Binarly announced Binarly Transparency Platform 2.5 with several features designed to enhance software vulnerability management and improve security posture across enterprise environments. The key highlight of this release is the innovative Reachabil.....»»